fix: container-toolkit patched image with fixed CVE #2415

Merged
merged 6 commits into from
Jul 22, 2024


SandhyaRavi2403
Contributor

What problem does this PR solve?:
Patch container-toolkit image with fixed CVEs

workflow link:
https://github.com/mesosphere/dkp-container-images/actions/runs/9951761362

sandhya.ravi@GT9X7CVF5F kommander-applications % trivy image ghcr.io/mesosphere/dkp-container-images/nvcr.io/nvidia/k8s/container-toolkit:v1.15.0-ubi8-d2iq.0 --vuln-type os --ignore-unfixed | grep Total
2024-07-16T12:55:02+05:30 INFO Vulnerability scanning is enabled
2024-07-16T12:55:02+05:30 INFO Secret scanning is enabled
2024-07-16T12:55:02+05:30 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T12:55:02+05:30 INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T12:55:15+05:30 INFO Detected OS family="redhat" version="8.9"
2024-07-16T12:55:15+05:30 INFO [redhat] Detecting RHEL/CentOS vulnerabilities... os_version="8" pkg_num=201
2024-07-16T12:55:15+05:30 WARN Using severities from other vendors for some vulnerabilities. Read https://aquasecurity.github.io/trivy/v0.53/docs/scanner/vulnerability#severity-selection for details.
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Which issue(s) does this PR fix?:

https://jira.nutanix.com/browse/NCN-101394

Special notes for your reviewer:

Does this PR introduce a user-facing change?:


Checklist

  • If the PR adds a version bump, ensure there is no breaking change in Licensing model (or NA).
  • If a chart is changed or app configuration is significantly changed, the chart version is correctly incremented (so that apps are not automatically upgraded from a previous version of DKP).

@SandhyaRavi2403 SandhyaRavi2403 self-assigned this Jul 16, 2024
@github-actions github-actions bot added services/nvidia-gpu-operator ok-to-test Signals mergebot that CI checks are ready to be kicked off do-not-merge/testing Do not merge because there is still on-going testing open-kommander-pr Automatically triggers the creation of a PR in Kommander repo update-licenses signals mergebot to update licenses.d2iq.yaml size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 16, 2024
@coveralls

coveralls commented Jul 16, 2024

Pull Request Test Coverage Report for Build 10038531766

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 51.515%

Totals Coverage Status
Change from base Build 10034025903: 0.0%
Covered Lines: 136
Relevant Lines: 264

💛 - Coveralls

@github-actions github-actions bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 16, 2024
Contributor

✅ Created Kommander branch to test kommander-applications changes: https://github.com/mesosphere/kommander/tree/kapps/main/sandhya/container-toolkit-cve-fix

@SandhyaRavi2403 SandhyaRavi2403 force-pushed the sandhya/container-toolkit-cve-fix branch from 30b5807 to e1720c5 Compare July 16, 2024 15:19
@github-actions github-actions bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jul 16, 2024
@SandhyaRavi2403 SandhyaRavi2403 force-pushed the sandhya/container-toolkit-cve-fix branch from e1720c5 to 7294356 Compare July 18, 2024 14:23
@SandhyaRavi2403 SandhyaRavi2403 added ok-to-test Signals mergebot that CI checks are ready to be kicked off and removed ok-to-test Signals mergebot that CI checks are ready to be kicked off labels Jul 18, 2024
@github-actions github-actions bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. services/git-operator and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 18, 2024
@SandhyaRavi2403 SandhyaRavi2403 added ok-to-test Signals mergebot that CI checks are ready to be kicked off and removed ok-to-test Signals mergebot that CI checks are ready to be kicked off labels Jul 18, 2024
@SandhyaRavi2403 SandhyaRavi2403 force-pushed the sandhya/container-toolkit-cve-fix branch from 79122eb to 8e88ce3 Compare July 18, 2024 17:27
@github-actions github-actions bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jul 18, 2024
@SandhyaRavi2403
Contributor Author

@mhrabovcin, the corresponding Kommander PR https://github.com/mesosphere/kommander/pull/4806 has one test failing, which is expected as per the Slack (https://nutanix.slack.com/archives/C06KX3DPA9K/p1721319103132479).

@github-actions github-actions bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jul 19, 2024
@github-actions github-actions bot removed the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 19, 2024
@SandhyaRavi2403 SandhyaRavi2403 force-pushed the sandhya/container-toolkit-cve-fix branch from 16ac7de to 9992a26 Compare July 22, 2024 09:01
@SandhyaRavi2403 SandhyaRavi2403 added ok-to-test Signals mergebot that CI checks are ready to be kicked off and removed ok-to-test Signals mergebot that CI checks are ready to be kicked off labels Jul 22, 2024
@SandhyaRavi2403 SandhyaRavi2403 force-pushed the sandhya/container-toolkit-cve-fix branch from b8b93aa to 9992a26 Compare July 22, 2024 09:43
@SandhyaRavi2403 SandhyaRavi2403 force-pushed the sandhya/container-toolkit-cve-fix branch from bfcceba to ec22b8d Compare July 22, 2024 09:48
@SandhyaRavi2403
Contributor Author

SandhyaRavi2403 commented Jul 22, 2024

@mhrabovcin, PR is ready for review
corresponding kommander PR: https://github.com/mesosphere/kommander/pull/4806

@SandhyaRavi2403 SandhyaRavi2403 merged commit 8245728 into main Jul 22, 2024
27 checks passed
@SandhyaRavi2403 SandhyaRavi2403 deleted the sandhya/container-toolkit-cve-fix branch July 22, 2024 18:32
Labels
do-not-merge/testing Do not merge because there is still on-going testing ok-to-test Signals mergebot that CI checks are ready to be kicked off open-kommander-pr Automatically triggers the creation of a PR in Kommander repo ready-for-review services/git-operator services/nvidia-gpu-operator size/S Denotes a PR that changes 10-29 lines, ignoring generated files. update-licenses signals mergebot to update licenses.d2iq.yaml

3 participants